Configure TLS Strong Encryption

You can configure TLS strong encryption for LCE-client communications to meet the security needs of your organization. LCE uses TLS 1.2 to encrypt LCE-client communications. For more information about LCE encryption, see Encryption Strength.

To configure TLS strong encryption for LCE communications:

  1. Log in to LCE via the CLI.

  2. Run the following command to specify the cipher you want to use for TLS encryption:

    source /opt/lce/tools/exigent-sessions.bashrc

    undoc-config --set lced cryptSyslog_ciphersuiteSelector <cipher you want to use for TLS encryption>

    For example:

    source /opt/lce/tools/exigent-sessions.bashrc

    undoc-config --set lced cryptSyslog_ciphersuiteSelector ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384

  3. Run the following command to restart all LCE daemons:

    restart-all bar-pg